Indeed. This is one of the reasons I use the SELinux sandbox to run my browser: there are a lot of ways that a browser could become a vulnerability. I would like to think I would always remember not to copy/paste from a website into my terminal, but the truth is that I could easily forget -- if I were in a hurry, if I knew the guy who made the website (but did not stop to think that someone might have hacked into the server), etc. Unfortunately it is hard to advise that everyone do this; the sandbox is very restrictive and basically incompatible with how most people use their computers.
About that, recently I started to watch some videos about SELinux, and I thought it could be a good idea to use it for isolating some likely-to-leak software (e.g. Skype).
I don't understand what it is but there is a culture in Ruby/Node to make installation "easy" to the extent that it is dangerous and, worse, offer no documented alternative.
Installing rvm shouldn't add lines to my .zshrc without prompting me. That behavior would be outrageous anywhere else but in Ruby land it's normal.
This is then dumb for at least two reasons. I never copy-paste commands because no learning occurs. If you want to work at the command line, you have to work. At the command line.
Given the high price relative to the number of consumers that might be attacked with this software, I'd bet that it will mostly be purchased by people who want to do spear phishing.
It is not a real remote exploit due to any flaw in Linux; rather, it is something the purveyors trick people into installing via "social engineering".